888rat | 28431e848e6560ad8fc37e3fdba704548af3977e8ec9c9b5cc877955455f993e | Triage

Sharing

General

Target

GCQOFN.apk
Size

2.0MB
Sample

240505-ylxrqafc69
MD5

91e7f991651aadb0bba46ee9385b46ae
SHA1

ea2e2434143f42a0f450e9b41e538a9cdd119937
SHA256

28431e848e6560ad8fc37e3fdba704548af3977e8ec9c9b5cc877955455f993e
SHA512

7a1a05ac4ba6d65588d0012df7be29df04a7e06763814133f21d275d00b8857a5cc356e694aaea7c63dc14f226d6e328008912156924e0ab65dea2a7c19d7af4
SSDEEP

49152:Z73fx7xKnOWUTO4Kq3nfOAzvnc21zgeFTplk:NxxKnWvKUnrzv11zgOk

Score

10^/10

888rat android banker discovery evasion impact persistence privilege_escalation

Malware Config

Targets

- Target
  
  GCQOFN.apk
- Size
  
  2.0MB
- MD5
  
  91e7f991651aadb0bba46ee9385b46ae
- SHA1
  
  ea2e2434143f42a0f450e9b41e538a9cdd119937
- SHA256
  
  28431e848e6560ad8fc37e3fdba704548af3977e8ec9c9b5cc877955455f993e
- SHA512
  
  7a1a05ac4ba6d65588d0012df7be29df04a7e06763814133f21d275d00b8857a5cc356e694aaea7c63dc14f226d6e328008912156924e0ab65dea2a7c19d7af4
- SSDEEP
  
  49152:Z73fx7xKnOWUTO4Kq3nfOAzvnc21zgeFTplk:NxxKnWvKUnrzv11zgOk
Score

8^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Hide Artifacts

User Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation